Add Broken Link Hijacking #84
Labels
Comments
|
If the takeover can be proven, then yes I'd classify as the highest of these impacts (P2 - Stored XSS). Not sure if I'd create a standalone category though. |
|
Thanks for the writeup @EdOverflow! I agree with @jhaddix, looks like the existing entries are sufficient to clearly classify every scenario you describe. Please let us know if you would like to propose any improvements though. |
|
Can we re-open for discussion this issue? I feel like this is being overrated, specifically the impersonation part. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please refer to this technical write-up on "Broken Link Hijacking" (BLH): https://edoverflow.com/2017/broken-link-hijacking/
BLH can be broken down into two main categories: Stored and reflected.
The different (sub)categories can be classified as follows:
Impersonation
This one I am not too sure about, since it really depends on how convincing the attack is. If the link is the main installation button on the homepage it is going to cause more trouble than a little broken Facebook link on a company's "About" page.
External JS or SVG File Hijacking
This is essentially stored XSS. The attacker's malicious code is stored in the page. This should be rated the same as stored XSS:
Information Leakage
This would mainly fall under:
Content Hijacking
This category depends entirely on the content being served, but for the most part I imagine this would belong to:
Reflected
This is the same as reflected XSS.
The text was updated successfully, but these errors were encountered: